Inside money, markets, and big tech

IOTA is dishing out shares of $220K bounty — if you can crack its new hash function

Better get cracking

IOTA Foundation, the company wanting to be the cryptocurrency for the Internet-of-Things (IoT), has just launched a new hash function, and it’s dishing out shares of a $220,000 (200,000 euro) bounty to anyone that can crack it.

The new hash function, known as Troika, has been designed by cryptographers from cyber security firm, Cybercrypt. IOTA hopes the new hash function will lay the cryptographic and encryption groundwork for what will become the final IOTA protocol for encrypting its distibuted ledger.

If you’re not up-to-speed on hash functions, they are basically ways of encrypting and mapping data of varying size to an identifier of a consistent size. By design, hash functions should only work one way and should not be able to be reversed engineered, meaning a hacker shouldn’t be able to locate the original data if they have the hash.

The foundation claims that its new hash function has been designed to surpass all current cryptanalytic testing and attacks. While IOTA hasn’t claimed it’s unhackable, that is quite a bold claim, as with enough time, most things usually can be hacked.

IOTA is putting its name on the line by offering a total of $220,000 bounty for anyone that can help crack and improve the cryptography.

“We hope that this competition will bring the cryptographic community together on solving security in the Internet-of-Things,” said David Sønstebø, Co-Founder and Co-chair of IOTA Foundation, in the announcement.

There are two challenges for cryptanalysts to participate in: “collisions” and “preimage.” A collisions attack is where crackers try to find two duplicate input variables that end up producing the same hash value. A preimage attack is sort of the inverse principle, where the analyst will try to find the message data connected to a specific hash value.

If either of these attacks can be successfully carried out, it would obviously point to potential weaknesses in the code of the hash.

IOTA is offering a host of prizes ranging from $115 (100 euro) to  $40,000 (35,000 euro) based on which part of the hash function is cracked. The prizes will be paid out once the hack is confirmed by Cybercrypt, if successful, the prizes will be paid out in either Euros or MIOTA – if you’re into that kind of thing.

Full details of the bounty programme can be found on Cybercrypt’s website – it’s probably worth reading the terms and conditions too, before you get cracking…

Published December 20, 2018 — 15:00 UTC